Twitter Facebook LinkedIn
Call on: 020 8254 2150 | info@sportsinjuriesandphysio.com

Privacy Notice

Privacy Notice

This privacy notice sets out how The Sports Injury & Physio Clinics Ltd uses and protects any information that you provide in relation to your treatment with the clinic.

 

The Sports Injury & Physio Clinics Ltd is committed to protect your privacy and your rights under the General Data Protection Regulations (GDPR) 2018. This policy explains the information we hold about you, and who else may have access to it. The only personal information we will have is that which is voluntarily supplied by you.

 

Please take a minute to read this document, if you find anything unclear please contact us.

 

Who Are We – The Clinic (Data Controller)

Sutton Sports Injury and Physio Clinic (The Clinic) is a trading name of The Sports Injury and Physio Clinics Ltd who is the data controller. The Clinic is based at Better Sutton Sports Village, Rosehill Park, Sutton, Surrey, SM1 3HH with the registered head office at 3rd Floor, 4 The Exchange, Brent Cross Gardens, London, NW4 3RJ. The Clinic Director is Mr Nick Wirth.

 

Why We Store Your Data – Data Collection and Processing (Storage)

The Clinic collects and processes (stores) information in order to carry out its main purpose of providing a physiotherapy-based healthcare service for its patients. We are part of the medical profession and are therefore governed by the same rules that would apply to your GP or Hospital Consultant. We have a legal obligation, as outlined by the government (Ministry of Health – MOH) and our professional bodies (The Chartered Society of Physiotherapy – CSP and The Healthcare Professions Council – HCPC), to collect and store information about you, your medical condition, work and lifestyle information plus possibly information about other aspects of your physical and mental health, family history, ethnicity, employment status and disability, provided this information is relevant and required to perform our purpose.

 

What Data We Store – Storage Limitation Principle

The new GDPR regulations cover all types of hard and electronic data. For our purposes, as well as our electronic health records this may also include photographs, video analysis, health questionnaires and others. We will only collect and process information about you that is relevant to our purpose and is adequate to fulfil this purpose. Information that we hold will be kept up-to-date and every effort will be made to rectify information as soon as possible when we become aware of inaccuracies. Although you have the right to information held about you deleted our legal obligation may supersede this right with regards to your healthcare information. Please contact The Clinic directly if you have questions about this.

 

How Long We Store Your Data – Storage Limitation Principle

Under MoH and CSP/HCPC regulations, relating to the maintenance of health records, we are required to keep your records for a minimum of 8 years or until your 25th birthday if your treatment was as a child. As we often see patients over a long period of their lives or who have experienced an accident or incident resulting in an insurance claim our policy is to keep your records indefinitely. After 8 years following treatment (or after your 25th birthday if treatment was as a child), if you wish your records to be destroyed then please contact the clinic and we will destroy your records in accordance with best practice at that time.

 

How We Store Your Data – Integrity and Confidentiality Principle

The Clinic takes your data security seriously.  We use a cloud-based diary management system to collect and store both personal and health related information about you.  The system is password protected and only staff working within the clinic have access to this system.  The data itself is securely stored at data centres in the UK conforming to ISO27001 standards with multi-layer security features, the operators of the data centres do not have access to your data and simply hold this data on our behalf. Our computer system is also password protected and only staff working at The Clinic have access to the computer system. We may occasionally send/receive letters or emails about your care to/from other healthcare professionals or members of the your wider team, these are then uploaded to our secure system and disposed of securely. No information of this kind will be held for any longer than required to perform our purpose but does form part of your medical record. In certain circumstances we still maintain hand-written records, this is primarily for the purpose of screening athletes. These records are held in secure filing cabinets, in a secure office within a secure building. We are in the process of uploading all of our previous hand-written records to our secure system and until this is finished these records are also held in a secure location within a secure building.

 

Who else might see my personal information?
The Clinic will not share your personal information with any other company without your consent. When relevant and with your consent we may communicate, regarding your treatment, with other medical and healthcare professionals, consultants, coaches, fitness instructors, family or other individuals involved in your wider care. We will ask your permission before doing this and you have the absolute right to deny this permission except in the circumstance of vital interest such as communicating with next of kin or medical professionals in the event of an incident, accident or emergency. We operate solely within the European Union and therefore no data will very be transferred outside of the Union. We will share your information where required to do so by relevant legislation, or court orders. We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. We may use your personal information, with your consent, to send you relevant information about The Clinic’s team, products and services, which we think you may find interesting, we will ask your permission before we do this.  Should The Clinic be acquired by another company, customer information may be deemed a transferable business asset, and as such will transfer to the new owners.

 

Yours Rights Regarding The Data We Hold

  1. Right of Access – Following a written request we will provide all information held about you. We have one month from the date of the written request to provide you with this data. This information will be provided free of charge to the patient unless there is an unreasonably excessive request. Written reports are not covered by this and do incur an administrative fee equivalent to one 30minute treatment charge at the current rate of The Clinic at the time of the request. We may still charge insurance companies and solicitors or other third parties acting on behalf of the patient if requesting their records. The individual requesting the information will need to complete a Medical Record Release Form available through the clinic.
  2. Right of Rectification – You have the right for information stored by us to be accurate. We will make every effort to ensure that personal information stored about you is accurate and up-to-date. Health records cannot be rectified if the information is true in accordance with maintenance of medical records regulations.
  3. Right to be Forgotten (Erasure) – You have the right to ask to have your records deleted. As we are a medical healthcare company we are legally obliged to keep your records for a minimum of 8yrs or until your 25th birthday if your treatment was a s a child. If this timescale has lapsed and you wish your records to be deleted, please contact the clinic in writing and this will be arranged providing there is no legal obligation to refuse in accordance with the regulations on place at the time of the request.
  4. Right to Restriction of Processing – You have the right to restrict the purpose for which we process your information. We will always seek to gain your consent for processing your data in any other way than our legal requirement to maintain accurate, up-to-date and specific medical records.
  5. Right of Data Portability – You have the right to have your records transferred to another location if you or treatment is transferred to another physical or geographic location. In this circumstance you will need to complete a Medical Record Release Form as per the Right to Access section above.
  6. Right to Object – You have the right to object to your data being stored/processed. As we are a medical healthcare practice, this will result in us not being able to treat you as a patient. However, you have the absolute right to object to receiving news and updates about the clinic. Therefore, you may consent to The Clinic holding information about your treatment but object to receiving information and updates and about The Clinic, we will always seek your permission to do this.
  7. Right not to be Automatically Processed – The Clinic does not currently operate any automatic processing or profiling based on your personal or health data.

 

What Happens If We Lose or Share Your Data Without Consent – Data Breaches

We take security of your data seriously but unfortunately from time to time things may happen that are beyond our control. In the event of a data breach we will inform you as soon as is practically possible about the nature, extent and possible impact of any data breach. This involves not only inadvertent sharing but also destruction of information through fire, flood, theft, loss etc… If the data breach is deemed serious enough, we will also inform the Information Commissioners Office (ICO) within 3 days of the breach and set-up an internal investigation as to the cause of any such breach. If required, we will communicate the results of such an investigation to you and also our intended plan to rectify and stop such breaches in the future. We only need to do this if there has been a definite or high risk breach as defined by the ICO.

 

What if this Privacy Policy changes? 
The Sports Injury & Physio Clinic reserve the right to change this privacy policy from time to time. We will notify you of any important changes to this policy. A copy is kept behind main reception of The Clinic and on our website.

 

Contact Us
If you have any queries or concerns about this policy please write to:
The Sports Injury & Physio Clinics Ltd

Better Sutton Sports Village

Rosehill Park

Sutton

Surrey

SM1 3HH